Introduction
At Growthfyt, we are committed to ensuring compliance with the General Data Protection Regulation (GDPR), which enhances the protection of personal data for all EU citizens. This page explains how we process personal data in accordance with GDPR principles and outlines the rights of EU data subjects.
Data Controller and Data Processor Roles
Growthfyt operates in the following capacities under GDPR:
- As a Data Controller: For the personal data we collect about our customers and website visitors, we determine the purposes and means of processing this data.
- As a Data Processor: For the prospect data that our customers upload or direct us to collect through our platform, we process this data on behalf of our customers, who act as the Data Controllers.
GDPR Principles
We adhere to the following GDPR principles when processing personal data:
- Lawfulness, fairness, and transparency: We process data lawfully, fairly, and in a transparent manner.
- Purpose limitation: We collect data for specified, explicit, and legitimate purposes and do not process it in a manner incompatible with those purposes.
- Data minimization: We limit data collection to what is necessary for the intended purposes.
- Accuracy: We take reasonable steps to ensure personal data is accurate and kept up to date.
- Storage limitation: We retain data only for as long as necessary for the purposes for which it is processed.
- Integrity and confidentiality: We implement appropriate technical and organizational measures to ensure data security.
- Accountability: We demonstrate compliance with these principles.
Legal Basis for Processing
Under GDPR, we process personal data based on one or more of the following legal grounds:
- Consent: The data subject has given consent to the processing of their personal data.
- Contractual necessity: Processing is necessary for the performance of a contract with the data subject.
- Legal obligation: Processing is necessary for compliance with a legal obligation.
- Legitimate interests: Processing is necessary for the legitimate interests pursued by us or a third party, except where such interests are overridden by the interests or fundamental rights and freedoms of the data subject.
Data Subject Rights
Under GDPR, EU data subjects have the following rights, which we fully respect and facilitate:
- Right to information: Data subjects have the right to be informed about the collection and use of their personal data.
- Right of access: Data subjects have the right to request access to their personal data.
- Right to rectification: Data subjects have the right to have inaccurate personal data rectified.
- Right to erasure (right to be forgotten): Data subjects have the right to request the deletion of their personal data in certain circumstances.
- Right to restrict processing: Data subjects have the right to request the restriction of processing of their personal data.
- Right to data portability: Data subjects have the right to receive their personal data in a structured, commonly used, and machine-readable format.
- Right to object: Data subjects have the right to object to the processing of their personal data in certain circumstances.
- Rights related to automated decision-making and profiling: Data subjects have the right not to be subject to a decision based solely on automated processing, including profiling.
To exercise any of these rights, please contact us at contact@growthfyt.com.
International Data Transfers
As a global company with operations and service providers in various countries, we may transfer personal data outside the European Economic Area (EEA). When we do so, we ensure that appropriate safeguards are in place to protect the personal data, such as:
- Standard Contractual Clauses (SCCs) approved by the European Commission
- Binding Corporate Rules (BCRs) for transfers within our corporate group
- Transfers to countries with an adequacy decision from the European Commission
Data Protection by Design and Default
We have implemented appropriate technical and organizational measures to ensure that, by default, only personal data necessary for each specific purpose of the processing is processed. This includes:
- Data minimization
- Pseudonymization and encryption of personal data
- Regular testing, assessing, and evaluating the effectiveness of security measures
- Implementing access controls and authentication mechanisms to ensure that only authorized personnel have access to personal data
Data Protection Impact Assessments
For processing activities that are likely to result in a high risk to the rights and freedoms of individuals, we conduct Data Protection Impact Assessments (DPIAs) to identify and minimize data protection risks.
Data Breach Notification
In the event of a personal data breach, we will notify the relevant supervisory authority without undue delay and, where feasible, not later than 72 hours after becoming aware of the breach, unless the breach is unlikely to result in a risk to the rights and freedoms of individuals. We will also notify affected data subjects without undue delay when the personal data breach is likely to result in a high risk to their rights and freedoms.
Data Protection Officer
We have appointed a Data Protection Officer (DPO) who is responsible for overseeing our data protection strategy and ensuring compliance with GDPR requirements. Our DPO can be contacted at dpo@growthfyt.com.
Supervisory Authority
If you are an EU data subject and believe that we have not complied with data protection laws, you have the right to lodge a complaint with your local supervisory authority.
Contact Us
If you have any questions about our GDPR compliance or how we handle personal data, please contact us:
- By email: contact@growthfyt.com
- By mail: Growthfyt Inc., 123 Main Street, Suite 100, San Francisco, CA 94105, USA
